From 6c44bdb960ed6c1227bbab0933abb7be3a041727 Mon Sep 17 00:00:00 2001
From: Arnaud Ysmal
Date: Fri, 13 Dec 2013 19:51:58 +0100
Subject: [PATCH] nb_name_len does not increase size when nn_scope contains only a \0, do the same on nb_name_encode to avoid a buffer overflow
---
 lib/smb/nb_name.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/smb/nb_name.c b/lib/smb/nb_name.c
index 8323e3a..d693be5 100644
--- a/lib/smb/nb_name.c
+++ b/lib/smb/nb_name.c
@@ -182,7 +182,7 @@ nb_name_encode(struct nb_name *np, u_char *dst)
 cp += 2;
 }
 *cp = 0;
- if (np->nn_scope == NULL)
+ if (np->nn_scope == NULL || *np->nn_scope == 0)
 return nb_encname_len(dst);
 plen = cp++;
 lblen = 0;
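Review bot: The empty-scope test on the new `if` line is now an unwritten contract with nb_name_len(): nb_name_encode() takes `dst` with no length, so the write is bounded only as long as both functions make the same decision about `nn_scope`. Per the commit message the overflow came from exactly that mismatch, so the invariant should be recorded at the check, e.g. `/* Must match nb_name_len(): a NULL or empty scope adds no bytes to the encoding. */`. Better still, both functions could call one small static helper for the "has scope" test so they cannot drift apart again. The scope-label loop that follows (`plen = cp++; lblen = 0;`) continues outside the hunk, so whether its byte count also matches nb_name_len() for non-empty scopes cannot be confirmed from here and is worth checking alongside this change.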